diff options
| author | Spencer Jackson <spencer.jackson@mongodb.com> | 2017-07-31 10:56:56 -0400 |
|---|---|---|
| committer | Spencer Jackson <spencer.jackson@mongodb.com> | 2017-07-31 13:59:59 -0400 |
| commit | 9096def9687739a40df79efe4e9e4d9b19215201 (patch) | |
| tree | b2f47817d0899e0de7f04bc40e226e8c729d5860 /src/mongo/db/auth/authorization_session_test.cpp | |
| parent | 6d9d554e24b134e9cadad7e9377c5e4634c3a6af (diff) | |
| download | mongo-9096def9687739a40df79efe4e9e4d9b19215201.tar.gz | |
SERVER-30434: Process authenticationRestrictions in FCV 3.4
Diffstat (limited to 'src/mongo/db/auth/authorization_session_test.cpp')
| -rw-r--r-- | src/mongo/db/auth/authorization_session_test.cpp | 76 |
1 files changed, 0 insertions, 76 deletions
diff --git a/src/mongo/db/auth/authorization_session_test.cpp b/src/mongo/db/auth/authorization_session_test.cpp index 9cdbe4aa730..e6626c58576 100644 --- a/src/mongo/db/auth/authorization_session_test.cpp +++ b/src/mongo/db/auth/authorization_session_test.cpp @@ -572,82 +572,6 @@ TEST_F(AuthorizationSessionTest, UseOldUserInfoInFaceOfConnectivityProblems) { authzSession->isAuthorizedForActionsOnResource(testFooCollResource, ActionType::insert)); } -TEST_F(AuthorizationSessionTest, AcquireUserFailsWithOldFeatureCompatibilityVersion) { - ASSERT_OK(managerState->insertPrivilegeDocument(_opCtx.get(), - BSON("user" - << "spencer" - << "db" - << "test" - << "credentials" - << BSON("MONGODB-CR" - << "a") - << "roles" - << BSON_ARRAY(BSON("role" - << "readWrite" - << "db" - << "test")) - << "authenticationRestrictions" - << BSON_ARRAY(BSON( - "clientSource" - << BSON_ARRAY("192.168.0.0/24" - << "192.168.2.10") - << "serverAddress" - << BSON_ARRAY("192.168.0.2")))), - BSONObj())); - - serverGlobalParams.featureCompatibility.version.store( - ServerGlobalParams::FeatureCompatibility::Version::k34); - - RestrictionEnvironment::set( - session, - stdx::make_unique<RestrictionEnvironment>(SockAddr("192.168.0.6", 5555, AF_UNSPEC), - SockAddr("192.168.0.2", 5555, AF_UNSPEC))); - - ASSERT_NOT_OK(authzSession->addAndAuthorizeUser(_opCtx.get(), UserName("spencer", "test"))); -} - -TEST_F(AuthorizationSessionTest, RefreshRemovesRestrictedUsersDuringFeatureCompatibilityDowngrade) { - ASSERT_OK(managerState->insertPrivilegeDocument( - _opCtx.get(), - BSON("user" - << "spencer" - << "db" - << "test" - << "credentials" - << BSON("MONGODB-CR" - << "a") - << "roles" - << BSON_ARRAY(BSON("role" - << "readWrite" - << "db" - << "test")) - << "authenticationRestrictions" - << BSON_ARRAY(BSON("clientSource" << BSON_ARRAY("192.168.0.0/24") << "serverAddress" - << BSON_ARRAY("192.168.0.2")))), - BSONObj())); - - RestrictionEnvironment::set( - session, - stdx::make_unique<RestrictionEnvironment>(SockAddr("192.168.0.6", 5555, AF_UNSPEC), - SockAddr("192.168.0.2", 5555, AF_UNSPEC))); - - ASSERT_OK(authzSession->addAndAuthorizeUser(_opCtx.get(), UserName("spencer", "test"))); - - serverGlobalParams.featureCompatibility.version.store( - ServerGlobalParams::FeatureCompatibility::Version::k34); - - ASSERT_TRUE(authzSession->lookupUser(UserName("spencer", "test"))); - ASSERT_TRUE( - authzSession->isAuthorizedForActionsOnResource(testFooCollResource, ActionType::find)); - - authzManager->invalidateUserCache(); - authzSession->startRequest(_opCtx.get()); - - ASSERT_FALSE(authzSession->lookupUser(UserName("spencer", "test"))); - ASSERT_FALSE( - authzSession->isAuthorizedForActionsOnResource(testFooCollResource, ActionType::find)); -} - TEST_F(AuthorizationSessionTest, AcquireUserObtainsAndValidatesAuthenticationRestrictions) { ASSERT_OK(managerState->insertPrivilegeDocument( _opCtx.get(), |